Privacy Policy

Riliance helps clients understand, manage and be compliant with relevant legislation every day. We take our own responsibilities under data protection just as seriously, including upholding the data subject’s right to transparency. This privacy notice contains information about what data we collect and store about you, how we use it, the legal basis for using it and how long we keep it. It also tells you who we share this information with, what we do to protect your data and how to get in touch with us.

Who We Are?

Riliance Software Limited (company number 06777866) and Riliance Training Limited (company number 05359583) operate as a group, known as ‘Riliance’. We collect, use and are responsible for certain categories of your personal information. When we do this we are the ‘controller’ of this information for the purposes of the General Data Protection Regulation (GDPR) and other applicable data protection laws, including the Data Protection Act 2018.

We also will process data given to us by our clients under their instruction in the course of providing services to them. When we do this, we are a data processor, which accounts for most of our processing activity.

Information collected by us

We may collect personal data about you as follows:• Your name and contact details (including your address, email and phone numbers);• Information about the business you work at and your role there;• Information about your regulatory status such as any registration details held by you or your business (e.g. SRA, ICAEW, FCA);• Information about partnerships and sole practitioner firm details including registration details, address, name and your position;• Training records, development plans and test results (e.g. e-learning test results);• Personal information that may be included in communications with us;• Information you provide to us about your clients or matters;• Details of goods and services that we provide to or receive from you, or that we are arranging to provide or receive from you;• Payment information and financial information that relates to our relationship including bank details, bank account • Personal information given to us in relation to working at Riliance such as your CV, answers to any tests or assessments, education, training, employment history and information given in interview and meetings we may have with you.

You may also give us information that is classifies as ‘special categories’ under GDPR however we do not routinely do this. We will explain this to you if we need to start processing this type of data, or if we are acting as a Data Processor then the Data Controller will explain this to you. More information about ‘special categories’ can be found here.

Information Collected From Other Sources

We may also collect the same categories of information from third parties such as:

• Your employer or authorised individuals in a business you work for or own;• Public bodies such as the SRA, Companies House and the Law Society;• Recruitment companies and public CV publishing companies and websites;• Information on public record, including professional networking sites;• Suppliers of goods or services;• Accountants and other professional advisers;• Our clients.

Even if we have not had direct contact with you and are processing data given to us by a third party for a purpose and with a legal basis outlined below, the contents of this privacy notice will still be in effect. We look after all personal data in the same way, regardless of where it has come from and whether we are acting as a data controller or a data processor.

How We Use Your Personal Information

We use your personal information for the following purposes:• To arrange the provision of software, training and consultancy services;• To comply with our legal responsibilities to regulatory bodies;• To promote and market the services of Riliance;• To manage matters relating to our payroll and employment, including our legal responsibilities as an employer and our obligations to HMRC;• To engage with individuals who want to work at Riliance;• To engage with partners that supply us with good and services;• To manage any queries or complaints you have about the services you receive;• To train and develop our staff at Riliance;• To monitor the quality of service we deliver to you, and ensure it meets your expectations;• To comply with legal obligations to act in the public interest and uphold the rule of law.

Legal Reasons We Collect And Use Your Personal Information

We have a legal basis for all the data we process. We rely on a different legal basis depending on the data we are processing and the reason we are processing it. We rely on the following legal basis in these circumstances:

Consent

In some cases you will give us consent to use your information in a certain way. If you have given us consent to use your data in a certain way, and we have no other legal basis for doing so, we will rely on your consent. The activities where we rely on your consent are:

Sending you marketing information including offers and information about our services.

Processing job applications. You can withdraw consent at any time however please be aware we will be unable to process your application if you do so.

You always have the right to withdraw your consent at any time. If you wish to withdraw your consent then please contact us using any of the details below (‘Get in touch’).

Legal Obligations

We will rely on our legal obligations to process information for the following purposes:

Complying with our responsibilities to regulators and under applicable legislation.

Complying with our legal obligations as an employer.

Complying with obligations to HMRC regarding records keeping of our financial activity, including information relating to transactions, billing and payments.

Defending a legal claim or upholding the rule of law.

Performance of a Legal Contract

We will process information that relates to the services we are providing you with, or receiving from you, that are bound by our engagement with you (legal contract). The areas where we are processing data to enter into, or fulfil a legal contract are:

Delivering services to you under contract and keeping you updated with changes or information relating to those services.

When we are processing information from you to arrange a contract between us, such as when you give us your details to enter into an agreement for services with us.

Performance of any legal contract as a supplier or customer.

Legitimate Interest

We may rely on a legitimate interest to process information. When we do this we will have assessed our legitimate interest to consider the rights and freedoms of the data subject.

We rely on legitimate interest to train our staff so that they can provide an exceptional service to all of our clients. There may be scenarios relating to their engagement with you which we review with them as part of training and development.

We rely on legitimate interests in some cases to invite you to certain events such as webinars and seminars. Our legitimate interest is to provide information to our clients and contacts that will support their use of our services and that could be of benefit to them.

Who Will We Share Your Personal Information With?

We take client confidentiality very serious and will not share any information entered into any of our software or platforms unless required to do so by law. Other information we process we may share with:

• Professional advisers, advisers and consultants that help us to manage Riliance and achieve our objectives as a business;• Training agencies that help us to develop our staff and services;• Our accountants and solicitors that are engaged by us to provide services required by law, such as filing financial information with HMRC;• We may use data processors, such as software providers, in the course of running the business including CRM providers, email communication platforms, social media platforms and help desk management systems;• We will use 3rd party hosting providers to provision and host our software and platforms;• Storage and archiving providers to ensure your information is protected securely and backed up.

Any partners, suppliers or third parties we share data with will be bound by strict agreements that meet the requirements of GDPR, and will be monitored for performance with those agreements.

We will share personal information with official bodies if required by law including the SRA, ICO, the police, law enforcement and intelligence agencies.

Transfer Of Your Information Outside The European Economic Area (EEA)

It may be necessary to transfer your personal information outside the EEA or to an international organisation in order to perform your instructions. We do not routinely transfer data outside of the EEA, and if we do we will notify you of the reasons, the legal basis for doing so, any relevant risk assessments that we want to make you aware of, and the safeguards in place to protect your rights and freedoms.

Clients can access our systems outside of the EEA by logging in through the cloud based portal. In these cases and when we are acting as a data processor, the means and purposes of processing (including transfer outside of the EEA) is decided entirely by our client.

How Long Will We Store Your Personal Data?

We will only keep your information for as long as necessary to complete the purposes we have described above. We use the following retention periods and review these periodically to make sure we are only keeping what we need (If information can be kept for two different periods, we will keep it for the longer of those two periods):

• Client information – We will keep information about you as our client for a period of 1 year after our contract with you ends unless we have another legal basis to process that information;• Advice – We will keep any information relating to client advice we have given for a period of 7 years after the date of the advice, or for any limitation period plus 1 year, whichever is longer;• System information – Any information you enter into our platforms will be kept for a maximum of 9 months after the contract ends. For most of this time, the information will be kept in secure encrypted backups that are deleted at the end of that period;• Financial Transactions – Information about you and any financial transactions, including fees paid and payments for services, we will keep for a period of 7 years to comply with HMRC requirements to keep accurate records that can be audited;• Contact information - Information used in marketing with your consent or to pursue a legitimate interest will be kept for 30 days once you have withdrawn your consent.

Your Rights

Under the GDPR, you have a number of important rights that you can exercise free of charge. In summary, these rights are:

• Transparency over how we use your personal data and fair processing of your information (which includes the right to be given the information in this notice)• Access to your personal information and other supplementary information;• Require us to correct any mistakes or complete missing information we hold on you;• Require us to erase your personal information in certain circumstances;• Receive a copy of the personal information you have provided to us or have this information be sent to a third party, this will be provided to you or the third party in a structured, commonly used and machine readable format;• Object at any time to processing of your personal information for direct marketing;• Object in certain other situations to the continued processing of your personal information;• Restrict our processing of your personal information in certain circumstances;• Request not to be subject to automated decision making which produce legal effects that concern you or affect you in a significantly similar way;

If you want more information about your rights under the GDPR please see the Guidance from the Information Commissioners Office on Individual's rights under the GDPR.

If you want to exercise any of these rights, please contact us (see ‘get in touch’ for contact details) and let us know who you are and what right you want to exercise. We may need to ask for additional information regarding your identity, and we may also need some information from you on specific categories of data, types of processing activities or periods of processing activities that you wish to focus your request around.

We will respond to you no later than one month from when we receive your request.

How To Make A Complaint

If something does go wrong or you are in anyway unhappy with how we have treated your data then please do not hesitate to contact our CEO, Richard Beech (Richard.beech@riliance.co.uk or see below ‘get in touch’).

The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority. The UK supervisory authority is the Information Commissioner’s Office who can be contacted at https://ico.org.uk/concerns/.

Our Security

Riliance, as a software company, puts information security and confidentiality at the core of our business. We have implemented a number of measures to protect your information including:

• Training all of our staff on GDPR and information security;• Third party security reviews including penetration testing;• Maintenance of the ISO27001:2013 security standard;• Policies and procedures that cover information security and data protection legislation;• Security functions in systems such as IP locks, administration controls and logging;• Risk management processes that identify and mitigate risks and threats to your information;• Encrypted backups taken periodically to make sure data is always available, • Encryption on devices that hold data and ability to remote disable company devices;• Password policies for any systems that hold data;• Staff awareness and contractual confidentiality clauses.

Future Processing

We do not intend to process your personal information for any reason other than stated within this privacy notice. If this changes, we will update this privacy notice on our website and in any documentation we will send to you.

Changes To This Privacy Notice

This privacy was published in May 2018. It is due for review no later than May 2019. We regularly review our internal privacy practices and may change this policy from time to time. When we do we will inform you by updating our website and telling you in any documentation or messages we send you.

Get In Touch

If you have any questions about this privacy notice or the information we hold about you, please contact us and let us know it is in relation to your data. We will make sure you speak to the right person: